<?php
$authenticationService = new AuthenticationService();
switch ($action) {
	case "login":
		if(isset($_POST['username']) && isset($_POST['password']))
		{
			$username = $_POST['username'];
			$password = $_POST['password'];
				
			//----------------------
			//Check if the user has already tried to login
			//If they have, set the variable $auth_tries to the value of the cookie and get the expire time
			if (isset($_COOKIE['time_limit'])) {
				$num_tries = $_COOKIE['auth_attempts'];
				$expire_time = $_COOKIE['time_limit'];
			} else {
				//If they haven't, create the cookie with a value of 1, since this is their first attempt
				setcookie('auth_attempts', 1, time()+900); //Cookie named 'auth_attempts' with a stored value of '1' that expires in 900 seconds from now (15 minutes)
				setcookie('time_limit', time()+900, time()+900); //Cookie named 'time_limit' that stores the expiration time of the first login attempt
				$num_tries = 1; //Value of 1
				$expire_time = time()+900; //Timestamp of 15 minutes from now
			}
			//Check if the user has exceeded 3 login attempts in 15 minutes
			//If true, log the current timestamp in the DB and let the user know they are temporarily locked out
			if ($num_tries > 3) {
				$lockout_time = time() + 3600; //Timestamp of 1 hour from now
				//UPDATE lockouttime to database
				$authenticationService->updateLockOutTimeByName($context, $result, $username, $lockout_time);
				$num_tries = 1;
				setcookie('auth_attempts', 1, time()+900);
				echo "<script>alert('You have failed to log in 3 times in 15 minutes!  You must wait an hour before attempting to log in again.');window.location='index.php?func=login';</script>";
			}
			$lockOutTime = $authenticationService->getLockOutTimeByUserName($context, $result, $username);
			if($lockOutTime!= null && $lockOutTime> time())
			echo "<script>alert('User Locked ! You must wait an hour to attempt to log in again!');window.location='index.php?func=login';</script>";
			else {
				$loginResult = $authenticationService->login($context, $result, $username, $password);
				if($loginResult != false)
				{
					$_SESSION['user']['ID'] = $loginResult->getID();
					$_SESSION['user']['username'] = $loginResult->getUname();
					$_SESSION['user']['type'] = $loginResult->getType();
					$_SESSION['user']['lastLogin'] = $loginResult->getLastLogin();
					$dateTime = date('Y-m-d h:i:s', time());
					$loginResult->setLastLogin($dateTime);
					$authenticationService->update($context, $result, $loginResult);
					setcookie('auth_tries', '', time()-3600);
					setcookie('time_limit', '', time()-3600);
					if(isset($_SESSION['gotoPage']))
					{
						echo "<script>window.location='".$_SESSION["gotoPage"]."';</script>";
					}
					else
					{
						echo "<script>window.location='index.php?func=dash';</script>";
					}

					//header("Location:index.php?func=dash");
				}
				else
				{
					$num_tries++; //Increment $auth_tries to reflect the failed login attempt
					setcookie('auth_attempts', $num_tries, $expire_time); //Update your 'auth_attempts' cookie
					echo "<script>alert('Login Failed!!!');window.location='index.php?func=login';</script>";
				}
			}
		}
		break;
	case "logout":
		session_destroy();
		header("Location:index.php?func=login");
		die();
		break;
	default:
		echo "khong co tinh nang nay";
		break;
}
?>